Methods and apparatus for supporting session signaling and mobility management in a communications system

ABSTRACT

A mobile communications system that uses IP packets to transmit data between end nodes, such as mobile devices, is described. In order to facilitate session establishment, maintenance, security, and handoff operations, access nodes through which end nodes communicate with one another include a session signaling server module and a mobility agent module. The session signaling server module may be implemented as a SIP server while the mobility agent module may be implemented using Mobil IP signaling. The mobility agent and SIP server within an access node are identified using a single shared identifier, IP address. The same security method and common secret may be used to provide security with regard to both mobile IP messages and SIP messages. Sessions admission decisions and resource allocation for admitted sessions can also take place internally to the access node of this invention without need for signaling to external elements.

RELATED APPLICATIONS

The present application claims the benefit of the followingapplications: U.S. Provisional Patent Application Ser. No. 60/298,283,filed on Jun. 14, 2001, titled “Location of SIP Proxy Server in WirelessAccess Router”; U.S. Provisional Patent Application Ser. No. 60/369,016,filed on Apr. 1, 2002, titled: “Methods and Apparatus for Registrationfor SIP Services in Mobile Networks”; U.S. Provisional PatentApplication Ser. No. 60/370,524, filed on Apr. 5, 2002, titled: “Methodsand Apparatus for SIP Message Forwarding and Redirection”; and U.S.Provisional Patent Application Ser. No. 60/313,035, filed on Aug. 16,2001, titled: “A Method for Controlling IP Applications During NetworkChanges that Result in Resource Shortages” each of which is herebyexpressly incorporated by reference.

FIELD OF THE INVENTION

The present invention is directed to methods and apparatus forestablishing a data communication session and, more particularly, tomethods and apparatus for establishing a data communication sessionthrough an access node in a multi-node network, e.g., a cellular networkin which mobile end systems communicate with each other and other endsystems through access nodes.

BACKGROUND

Internet Protocol (IP) technology is designed to enable packet-switchedinterconnection of a heterogeneous set of computers and communicationnetworks. A potentially diverse set of network and link layertechnologies are interconnected through nodes, e.g., gateways (orrouters), that provide a packet forwarding service. Information istransferred between end nodes (or hosts) as blocks of data calleddatagrams, where source and destination hosts are identified by fixedlength addresses. Routing in IP internetworks is connectionless innature, in that datagrams are forwarded between routers on a hop-by-hopbasis using the destination address in the datagram.

Mobile IP (Ref: IETF RFC 2002) enables an IP host, also called a “mobilenode” in the context of Mobile IP, to dynamically change its point ofattachment to the network, yet remain contactable via a previously given“home address”. To achieve this a temporary local address or “care ofaddress” is associated with the mobile node when it visits a foreignnetwork. In some cases the care of address is that of a “foreign agent”that assists in this process, while in other cases the care of addressmay be directly assigned to the mobile node. The care of address isregistered back on the home network in a node referred to as the “homeagent”. The home agent intercepts packets destined to the home addressof the mobile node and redirects the packets, by means of encapsulationand tunneling, towards the care of address associated with mobile nodein the visited network. Upon delivery to the care of address, theencapsulation is removed and the original packet destined to the homeaddress is delivered to the mobile node.

The Session Initiation Protocol (SIP) (Ref: IETF RFC 2543) enables endnodes or users to establish data communication sessions. SIP is aclient/server protocol consisting primarily of request and responsemessage exchanges. A SIP transaction typically comprises arequest/response pair. SIP uses application layer routing, wherein SIPmessages sent between two “user agents” may traverse throughintermediate processing nodes referred to as SIP servers. SIP useragents and servers determine the next SIP node to which each messageshould be directed based on inspection and processing of SIP messageheader fields. Once the next SIP node is determined, the message isforwarded to that SIP node using normal network layer routingmechanisms. An enterprise network or Internet Service Provider may useSIP servers to assist in session establishment, enforce policies, orsupport user agent mobility. SIP mobility support mechanisms allow auser agent to maintain reachability by registering its present locationinformation with a SIP server in its home network. This locationinformation could either identify the location of the user agent oranother SIP server to which request for the user agent should be sent(e.g., a SIP server in a visited network). The SIP server in the homenetwork can then route any request for the user agent based on thepresently registered location information.

Both a mobility management mechanism and a session establishmentmechanism are required to support services such as Voice over IP in acellular data network. FIG. 1 illustrates a system 100 based on a simplecombination of Mobile IP and SIP. The system 100 is not necessarilyprior art, but is useful for explaining Mobile IP and SIP for backgroundpurposes and therefore will be discussed here. The depicted system 100comprises a plurality of access nodes 114, 126, where each access node114, 126 provides connectivity to a plurality of N end nodes (160, 162),(164, 166), respectively, via corresponding access links (118, 120),(122, 124), respectively.

Interconnectivity between the access nodes 114, 126 is provided throughnetwork links 106, 108 and an intermediate network node 102. The networkalso includes a SIP server node 112 that is connected to theintermediate network node 102 by network link 110. The intermediatenetwork node 102 also provides interconnectivity to another network 128via network link 104, where the network 128 is the home network of endnode X 162. The home network 128 includes a Mobile IPv4 home agent node130 and a home SIP server node 132, each of which is connected to anintermediate network node 138 by one of two network links 134, 136,respectively. The intermediate network node 138 in the home network 128also provides interconnectivity to network nodes that are external fromthe perspective of the home network 128 via network link 104. In theillustrated system 100, SIP servers 112 and 132 are physically distinctand remotely located from access nodes 114, 126 requiring externalsignaling between the housing of servers 112, 126 whenever either of theservers needs to interact with an access node 114, 126. As a result ofthe locations of server 112, 132 relative to access nodes 114, 126undesirable delays may occur when a SIP server 112, 132 needs tointeract with the elements of one of the access nodes 114, 126.

In the depicted system 100, end node X 162 uses Mobile IP to maintainreachability, while its present point of attachment to the network isthrough visited access node 114. End node X 162 has registered theaddress associated with a Mobile IPv4 foreign agent module 116 of theaccess node 114 as a care of address with its home agent 130 in its homenetwork 128.

End node X 162 has also registered the location of a visited SIP server112 with its home SIP server node 132 in its home network 128. Thus, thehome SIP server 132 will direct SIP requests for end node X 162 to thevisited SIP server 112. The dashed arrows show the path of a SIP requestand response for a session initiated from end node Y 166 to end node X162. End node Y 166 directs the initial request message 140 to the homeSIP server 132 of end node X 162. The home SIP Server 132 subsequentlydirects a request message 142 to the visited SIP server 112 inaccordance with the registered location information. Following receptionof the request message 142 from the home SIP server 132, the visited SIPserver 112 directs a request message 144 to the home address of end nodeX 162. This request message 144 is forwarded via normal network routingall the way back to the home network 128 of end node X 162, where it isintercepted by the home agent 130. The home agent 130 encapsulates theintercepted request message 144 and tunnels the encapsulated requestmessage 146 to the foreign agent 116. Following reception of theencapsulated request message 146, the foreign agent 116 directs arequest message 148 to end node X 162.

Following reception of the request message 148, end node X 162 sends aresponse to end node Y 166 such that the response traverses backwardsthrough the same set of SIP intermediate servers that processed therequest. This is accomplished in part by the fact that the informationidentifying the SIP servers 132, 112 through which the request traversedwas added to the request message 142, 144 as it was forwarded. Thus, endnode X 162 initially directs a response message 150 to the visited SIPserver 112. The visited SIP Server 112 subsequently directs a responsemessage 152 to the home SIP server 132. Following reception of theresponse message 152 from the visited SIP server 112, the home SIPserver 132 directs a response message 154 to end node Y 166. However,the path of the response would be more circuitous in the case whereMobile IP operates in reverse tunneling mode (Ref: IETF RFC 2344).Although the alternate response signaling path is not shown in thefigure, the following briefly describes the case when reverse tunnelingis used. As opposed to being delivered directly to the visited SIPserver 112, the response sent from end node X 162 would be encapsulatedand tunneled to the home agent 130, where it would be decapsulated bythe home agent 130 and directed back to the visited SIP server 112. Thenfrom the visited SIP server 112, the SIP response signaling path wouldproceed as before, to the home SIP server 132, and finally to end node Y166.

The depicted system 100 clearly illustrates the inefficient andcircuitous forwarding of SIP request/response signaling associated withthe establishment of a data communication session between end node Y 166and end node X 162. System 100 also has several other deficiencies,particularly regarding session admission control, resource allocation,and mobility support. The primary difficulty with session admissioncontrol stems from the fact that the admission control and policydecision points do not coincide with the admission control and policyenforcement points. In particular, while the SIP servers 112, 132process session establishment signaling and effectively serve asadmission control and policy decision points, these servers 112, 132 arenot on the path of session data traffic, and thus cannot be admissioncontrol and policy enforcement points. Note that data session trafficwill not go through servers 112, 132 since these are only used forsession signaling. Furthermore, since the SIP servers 112, 132 are noton the data path, they may be easily bypassed by the session signalingtraffic provided that there are no additional control mechanisms.Admission control and policy enforcement can more effectively be appliedin the access nodes 114,126, but this would require additional signalingbetween the SIP servers 112, 132 and the access nodes 114, 126 andgreatly increase the complexity of the system 100. Similarly, withrespect to resource allocation, since the SIP servers 112, 132 are noton the data path, the admission control decision cannot easily accountfor the availability of system resources to support the requested datacommunication session.

In a wireless communication system, information regarding theavailability of resources at the access node 114, 126 and over theaccess links 118, 120, 122, 124 can be critical. Incorporation of accessnode and link resource availability information in the admission controldecision in the system 100 would again require additional signalingbetween the SIP servers 112, 132 and the access nodes 114, 126 and againgreatly increase the complexity of the system 100. Finally, supportingmobility in combination with all of the above signaling requiresadditional mechanisms to accommodate the movement of an end node 160,162, 164, 166 during session establishment. In addition to increasingthe complexity of the system 100, the use of additional signalingbetween the SIP servers 112, 132 and the access nodes 114, 126 toaddress these issues would also increase the latency associated withestablishment of a data communication session and increase the bandwidthutilization on network links, thus reducing the practicality of theresultant system.

In view of the above discussion, it is apparent that there is a need forimproved methods and apparatus for supporting end node mobility,communication session establishment and several other operations relatedto establishing and maintaining communications sessions in systems whichuse packets to transmit data.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 illustrates one technique for using Session Initiation Protocolsignaling in a mobile IP environment wherein a first mobile end nodeinteracts with another end node via various other network elements.

FIG. 2 illustrates an access node implemented in accordance with thepresent invention.

FIG. 3 illustrates a network diagram of a communications systemimplemented in accordance with an exemplary embodiment of the invention.

FIG. 4 illustrates signaling performed in the exemplary system shown inFIG. 3 as part of the processes of initiating and conducting a datacommunication session between a first mobile end node and another endnode in accordance with an exemplary embodiment of the invention.

FIGS. 5 and 6 illustrate signaling performed in the exemplary systemshown in FIG. 3 as part of the process of initiating and conducting adata communication session between a first mobile end node and anotherend node in accordance with an exemplary embodiment of the invention,while the first mobile end node is in the process of a handoff betweentwo access nodes.

SUMMARY OF THE INVENTION

Methods and apparatus of the present invention can be used to supportsession signaling and mobility management in a network including aplurality of end nodes that interact via a plurality of access nodes.The access nodes may be implemented as wireless access routers whichinclude receiver and transmitter circuitry in an interface to supportcommunications with wireless nodes via a wireless communicationschannel. The access nodes may be, for example, base stations in acellular communications system. The access nodes interface may alsoinclude circuitry for coupling the access node to another node, e.g., anintermediate node used to couple two or more access nodes together.

A network implemented in accordance with the present invention includesone or more access nodes of the present invention through which endnodes can establish and conduct communications sessions. End nodes maybe, for example, mobile devices which include or are IP hosts. An accessnode implemented in accordance with the present invention includes,within a single housing, a session signaling module in addition to amobility agent module. An authentication module, network resourceinformation and state information are also included in the access nodein some embodiments. The session signaling module may be, e.g., aSession Initiation Protocol (SIP) server while the mobility agent modulemay be implemented as a Mobile IP module. The various modules comprisingan access node in accordance with the invention are implemented in afashion that allows resource and state information from each module aswell as the other parts of the access node to be visible, used and/orupdated by one another. This allows for a system where sessioninitiation signaling and session mobility can be supported with lesssignaling between remote devices than occurs in the FIG. 1 system.

In accordance with the present invention, the session signal servermodule and mobility agent module may be identified to devices, e.g.,nodes, external to the access node using a single common identifier,e.g., IP address. From an end node's perspective, this simplifies endnode interaction with the session signal server module and mobilityagent module by avoiding the need to determine and keep track of twodifferent addresses. The access node may communicate the single commonidentifier to a plurality of end nodes, e.g., prior to the access nodeestablishing a communications session including one or more of the endnodes in said plurality. The location of the session signaling servermodule and mobility agent module in the access node also facilitates theuse of the same security method for verifying, authenticating and/orencrypting messages directed to either of the session signaling servermodule and mobility agent module. For example, in one embodiment theauthentication module uses the same shared secret, e.g., secret valuesuch as an authentication or encryption key, and authentication methodto authenticate messages to the session signaling server module that ituses to authenticate messages to the mobility agent module. In someembodiments the shared secret is stored in the access node's memory.

In the exemplary embodiments described below the session signalingserver module in an access node is used to redirect session signalingbetween end nodes based on state information supplied or maintained bythe mobility agent module included in the same access node. Theinformation maintained by the mobility agent module may include anaddress corresponding to an access node to which a mobile node is beingor has been handed off. The redirection process, in some embodiments,involves signal processing such as signal reformatting. The signalprocessing is normally performed by the signaling server module but maybe performed by one or more other modules in the access node. In thismanner access nodes of the present invention can, at least in somecases, avoid long redirection paths that might otherwise occur withoutthe presence of a concurrently located mobility management system, e.g.,mobility agent module in the same device as the session signaling servermodule.

The co-location of session signaling module with the other modules inthe access node has the additional advantage of allowing some or alllocal session admission and resource allocation decisions to be madewithout the need for signaling to elements external to the access nodeof the invention.

Another advantage provided by the co-location of the said modules andinformation in the access node of the invention is that it allows forsmooth operation of session signaling even when end nodes involved insaid signaling are changing access nodes through which they gain accessto the network, e.g., as part of a handoff operation. This is achievedby storing state information including information about communications,settings, security, and the parameters used to communicate, service, andinteract with an end node and then transferring at least some of thisstate information to a new access node. In accordance with theinvention, all or some of the state information is exchanged between acurrent access node and a new access node when an end node move from thecurrent access node to the new access node takes place, e.g., when ahandoff occurs. The transfer of state information may occur when thehandoff begins. As part of the handoff, the mobility agent module in thecurrent node redirects session signaling messages directed to thecurrent access node to the new access node, e.g., according to the stateinformation. Thus session signaling messages can be redirected in atimely and efficient manner.

In some embodiments the mobility agent module is implemented usingMobile IP signaling. In one particular embodiment the mobility agent isimplemented as a MIPv4 foreign agent while in another embodiment themobility agent is implemented as a MIP v6 attendant.

The modules included in the access node of the invention are implementedusing software, hardware or a combination of software and hardware. Inthe case of software implementations, the modules include differentinstructions or sets of instructions used to control hardware, e.g.,circuitry, to implement each of the different operations performed bythe module.

Numerous additional embodiments, features, and advantages of the methodsand apparatus of the present invention are discussed in the detaileddescription that follows.

DETAILED DESCRIPTION

FIG. 2 illustrates an exemplary access node 200 implemented inaccordance with the present invention. In the FIG. 2 embodiment, theaccess node 200 includes an input/output interface 201, a processor 203and memory 212, coupled together by bus 205. The elements 201, 203, 212,205 of access node 200 are located inside a housing 211, e.g., a case ofplastic and/or metal, represented by the rectangle surrounding thenode's internal elements 201, 203, 212, 205. Accordingly, via bus 205the various components of the access node 200 can exchange information,signals and data. The input/output interface 201 provides a mechanism bywhich the internal components of the access node 200 can send andreceive signals to/from external devices and network nodes. Theinput/output interface 201 includes, e.g., a receiver circuit andtransmitter circuit used for coupling the node 200 to other networknodes, e.g., via fiber optic lines, and to end nodes, e.g., via wirelesscommunications channels.

The processor 203 under control of various modules, e.g., routines,included in memory 212 controls operation of the access node 200 toperform various signaling, session admission, resource allocation,authentication, and other operations as will be discussed below. Themodules included in memory 212 are executed on startup or as called byother modules. Modules may exchange data, information, and signals whenexecuted. Modules may also share data and information when executed. Inthe FIG. 2 embodiment, the memory 212 of access node 200 of the presentinvention includes a mobility agent module 202, a session signalingserver module 204 and an authentication module 208 as well as resourceinformation 206 and state information 210.

Resource information 206 includes, e.g., parameters, resource limitsboth internal to the access node 200 as well as on its interfaces 201,indication and/or accounting of active sessions and/or used resourcesand/or available resources both internal to the access node 200 as wellas on its interfaces 201. State information 210 includes, e.g.,parameters, communication session and/or end node status information,security information, and/or other information relating to end nodeinteraction and/or communication with an access node and/or anotherdevice.

The session signaling server module 204 allows the access node 200 tosupport session initiation operations, e.g., processing of receivedsignals or messages used for the establishment of a data communicationsessions and sending of subsequent signals or messaging as required. Thesession signaling server module 204 also supports session maintenanceand termination services. During a session initiation operation as partof an admission control step the session signaling server may take intoaccount and keep track of available resources. Thus, the sessionsignaling server may access and update the resource information 206,which is kept in memory 212, e.g., information on available remainingbandwidth not allocated to active sessions.

The mobility agent module 202 allows the access node 200 to support endnode mobility and connectivity management services. Thus, the accessnode 200 is capable of providing node mobility, session establishment,and session maintenance services to connected end nodes. The mobilityagent module 202 may be implemented in a plurality of ways. In the FIG.2 embodiment it is implemented with a collection of sub-modules. Asillustrated, the mobility agent module 202 includes sub-modules 242,244, 246, which operate as a Mobile IPv4 Foreign Agent, a Mobile IPv6Attendant, and a Host Routing Agent, respectively. By includingsub-modules 242, 244 the mobility agent module 202 is capable ofsupporting multiple versions of Mobile IP signaling including MobileIPv4 and Mobile IPv6 signaling. In various embodiments, the mobilityagent module 202 includes a subset of the sub-modules 242, 244 and 246shown in FIG. 2. For example, in embodiments where Mobile IPv6 is notrequired, the mobile IPv6 Attendant sub-module 244 may be omitted.

As shown in FIG. 2, the exemplary mobility agent module 202 includes acontext transfer sub-module 248 used to perform information, e.g.,state, transfer operations as part of a handoff. As part of a handoffoperation executed by the mobility agent module 202 when an end nodechanges its point of connection from the access node 200 to anotheraccess node, or vice versa, the context transfer sub-module 248 performsan operation to support the transfer of state information 210 regardingthe end node from one access node to the next. The state information 210that is transferred includes state information provided by other modulesin memory 212. In particular, the state information 210 includes datacommunication session state and session establishment state provided bythe session signaling server module 204, as well as authentication stateand other security related state provided by the authentication module208. In the present context “state” is used to broadly refer toinformation about a state, e.g., of a device, node, or communicationssession. In alternative embodiments of the invention the mobility agentmodule 202 may also include additional sub-modules to support a numberof mobility related functions that improve the performance of handoffand minimize service disruption. In another alternative embodimentequivalent context transfer functionality may be implemented as aseparate module in memory 212, as opposed to a sub-module of themobility agent module 202.

The authentication module 208 included in memory 212 of the access node200 is capable of authenticating messages and signals from other networknodes and end nodes connecting to the access node 200 via theinput/output interface 201. The authentication module 208 also providesauthentication services to other modules and sub-modules included in thememory 212 of the access node 200. Thus, the authentication module 208can check the validity of messages and signals received by other modulesand sub-modules in memory 212, e.g., the session signaling server module204. Authentication module functionality can be incorporated directlyinto other modules or sub-modules instead as a separate module 208.

Incorporating a session signaling server module 204, mobility agentmodule 202, and authentication module 208 inside the housing 211 of anaccess node 200 where resource information 206 and state information 210can be easily accessed, provides significant advantages in terms ofsignaling complexity associated with session establishment andmaintenance over the FIG. 1 system.

While shown as software module in the FIG. 2 implementation, each of themodules 204, 202, 208, and sub-modules included therein, can beimplemented using hardware, software or a combination of software andhardware. For purposes of the invention described herein, references tomodules or sub-modules are to be understood as software, hardware or acombination of software and hardware that performs the functions of thedescribed module or sub-module.

In accordance with one particular embodiment of the present invention,the session signaling server module 204 is a SIP (Session InitiationProtocol) server. In a particular embodiment, the access node 200 isimplemented as a wireless access router that supports forwarding of IP(Internet Protocol) datagrams. In such an implementation input/outputinterface 201 includes circuitry, e.g., receiver/transmitter circuitry,that allows end nodes to connect to the access node 200 using wirelesscommunications technology, e.g., via wireless communications channels.In one such implementation the coverage area of the access node iscalled a communication “cell”. In alternative embodiments, the sessionsignaling server module 204 sends, receives and processes signal basedon other protocols such as the Resource Reservation Protocol (RSVP). Insome embodiments the session signaling server module 204 supports bothSIP and RSVP signaling. In some embodiments the input/output interface201 includes circuitry that allows end nodes to connect to it via wired,wireless or a combination of wired and wireless communicationstechnologies.

FIG. 3 illustrates an exemplary system 400 that comprises a plurality ofaccess nodes 200, 200′, 200″ implemented in accordance with the presentinvention. FIG. 3 also depicts communication cells 300, 300′, 300″surrounding each access node 200, 200′, 200″, respectively, whichrepresents the coverage area of corresponding access node 200, 200′,200″, respectively. The same physical and functional elements aredepicted in each of the communication cells, thus the followingdescription of the elements in the cell 300 surrounding access node 200is directly applicable to each of the cells 300, 300′, 300″. Thedepiction of the access node 200 is a simplified representation of theaccess node 200 depicted in FIG. 2. The illustration of the access node200 in FIG. 3 depicts the mobility agent module 202, session signalingserver module 204, authentication module 208, resource information 206and state information 210, while some other elements are not shown. Aset of arrows 207 is used to represent the exchange of data,information, and signals between the depicted elements when they areexecuted. While the input/output interface 201 is not shown in FIG. 3,connectivity between access node 200 and other network nodes is shownand is subsequently further described. FIG. 3 illustrates the accessnode 200 providing connectivity to a plurality of N end nodes 302, 304via corresponding access links 306, 308.

Interconnectivity between the access nodes 200, 200′, 200″ is providedthrough network links 310, 311, 313 and an intermediate network node320. The intermediate network node 320 also provides interconnectivityto another network 330 via network link 322, where the network 330 isthe home network of end node X 304. The home network 330 includes a homemobility agent node 332 and a home session signaling server node 334,each of which is connected to an intermediate network node 336 by one oftwo network links 338, 340, respectively. The intermediate network node336 in the home network 330 also provides interconnectivity to networknodes that are external from the perspective of the home network 330 vianetwork link 322.

The home mobility agent node 332 in the system 400 allows end node X 304to maintain reachability as it moves between access nodes 200, 200′,200″. The home mobility agent node 332 is responsible for redirectingpackets to the current location of end node X 304 by maintaining amapping between the home address and an address associated with theaccess node through which end node X 304 is current connected. The homesession signaling server 334 in the system 400 provides sessionsignaling and redirection services to facilitate establishment of datacommunication sessions to end node X 304.

Alternative embodiments of the invention include various networktopologies, where the number and type of network nodes, the number andtype of links, and the interconnectivity between nodes differs from thatof the system 400 depicted in FIGS. 3 to 6.

FIG. 4 illustrates the signaling performed in the exemplary system 400shown in FIG. 3 as part of the processes of initiating and conducting adata communication session between a first mobile end node X 304 andsecond end node Y 304″ in accordance with an exemplary embodiment of theinvention. The following description of how end nodes 302, 304 obtainservice through access node 200, including the methods forauthentication and discovery of an identifier, e.g., address, isrepresentative of similar operations that may be performed by end nodes(302, 304), (302′, 304′), (302″, 304″) and the corresponding access node200, 200′, 200″, respectively. In order to obtain service through theaccess node 200, end nodes 302, 304 perform various signaling and otheroperations when they enter the coverage area of an access node 200. Thespecific details of these signals and operations vary depending on theunderlying communication technology and protocols used. In the FIG. 4embodiment of this invention, an authentication module 208 in an accessnode 200 uses an end node specific secret value to authenticate signals,e.g., messages, received from an end node 302, 304 during an initialaccess phase and uses the same secret value to validate messagessubsequently received by other modules, e.g., the session signalingserver module 204. In addition to using the same secret value, theauthentication module 208 may also use the same method to perform theauthentication operation for messages received by the various modules.

In the FIG. 4 embodiment of this invention, the mobility agent module202 and session signaling server module 204 each of which is included inthe access node 200, can be contacted using the same identifier. Theidentifier may be, e.g., an IP address associated with both modules 202,204. According to this invention the shared identifier, e.g., address,is made known to the end nodes 302, 304 within the coverage area ofaccess node 200 by sending a signal, e.g., message 402 from the accessnode 200 to the end nodes 302, 304. Similarly, end nodes in theexemplary system 400 receive this identifier, e.g., address, informationfrom their corresponding access node through which they access thecommunications system 400. In one particular embodiment of thisinvention an access node 200 periodically broadcasts a signal, e.g.,message 402, including the identifier, e.g., address, information. Inalternative embodiments an end node 302, 304 solicits the identifier,e.g., address, information by sending a signal, e.g., message, when itenters the coverage area of an access node 200. The access node 200 thenresponds by sending a signal, e.g., message, including the requestedidentifier, e.g., address, information to the end node. An access node200 may also use a combination of the two methods, in which case accessnode 200 periodically broadcasts a signal, e.g., message, including theidentifier, e.g., address, information and also responds to specificsolicitations from end nodes 302, 304.

In the FIG. 4 illustration, end node Y 304″ initiates establishment of adata communication session with end node X 304. End node Y 304″ firstsends a request session signaling message 404 to end node X 304 via thesession signaling module 204″ in the access node 200″. While the requestmessage 404 is directed to the session signaling module 204″, therequest message 404 also identifies end node X 304 as the target ofsession establishment request. The session signaling module 204″ inaccess node 200″ receives the request message 404, adds its ownidentifier, e.g., address, to the request message and redirects therequest message 406 to the home session signaling server 334 of the endnode X 304. The home session signaling server 334 receives the requestmessage 406, adds its own identifier, e.g., address, to the requestmessage and redirects the request message 408 to the currentlyregistered location of end node X 304, which is the session signalingmodule 204 in access node 200 to which end node X 304 is connected.

Following reception of the request message 408 from the home sessionsignaling server 334, the session signaling module 204 in access node200 accesses state information 210 associated with the mobility agent202 to control redirection of the request message. Since the stateinformation 210 indicates that end node X 304 is directly connected viaaccess link 308; the session signaling server module 204 does not haveto direct the request message to the home mobility agent 332 of end nodeX 304. Instead it adds its own identifier, e.g., address, to the requestmessage 408 and delivers the request message 410 directly to end node X304 over access link 308.

Following reception of the request session signaling message 410, endnode X 304 sends a response session signaling message 412 back to endnode Y 304″. The response message 412 from end node X 304 to end node Y304″ takes the reverse path specified by the list of identifiers, e.g.,addresses, of intermediate session signaling nodes included in thereceived request message. In particular, the response message 412 issent from end node X 304 to the session signaling module 204. Sessionsignaling server module 204 sends the response message 414 to homesession signaling server node 334, which sends the response message 416to session signaling server module 204″ in access node 200″. The sessionsignaling server module 204″ in access node 200″ then sends the message418 to end node Y 304″, which completes the session signalingtransaction.

According to this invention since the session signaling server modules204, 204″ in the access nodes 200, 200″, respectively, are in thesession signaling path, they have access to the information in thesession signaling message that describe the session's resourcerequirements. Resources such as a minimum bandwidth on the access linkmay be required for sessions to operate appropriately. Additionally, thesession signaling modules 204, 204″ have access to the current accessnode load levels and local policy contained in resource information 206,206″ and state information 210, 210″. Based on this information thesession signaling servers 204, 204″ in the access nodes 200, 200″ canadmit or reject the session that end node X and end node Y attempt toestablish. If a session is admitted, the session signaling servermodules 204, 204″ reserve these resources in the access nodes 200, 200″.

In the exemplary embodiment of this invention end node X 304 is mobileand thus can at any time move between the communication cells 300, 300′,300″. FIGS. 5 and 6 illustrate signaling performed in the exemplarysystem 400 shown in FIG. 3 as part of the processes of initiating andconducting a data communication session between a first mobile end nodeX 304 and second end node Y 304″ in accordance with an exemplaryembodiment of the invention while the target end node X 304 is in theprocess of handing off between a first access node 200 and a secondaccess node 200′. The movement of end node X 304 in FIGS. 5 and 6 isdepicted with a double arrow 426, 430 in each figure, respectively. Forillustration purposes FIGS. 5 and 6 depict the signaling and interactionbetween nodes according to an exemplary timing of events describedbelow. Similar but not necessarily identical processes will apply if thetiming of the events is modified.

As shown in FIG. 5, end node Y 304″ first sends a request sessionsignaling message 420 to end node X 304 via the session signaling module204″ in the access node 200″. While the request message 420 is directedto the session signaling module 204″, the request message 420 alsoidentifies end node X 304 as the target of session establishmentrequest. The session signaling module 204″ in access node 200″ receivesthe request message 420, adds its own identifier, e.g., address, to therequest message and redirects the request message 422 to the homesession signaling server 334 of the end node X 304. The home sessionsignaling server 334 receives the request message 422, adds its ownidentifier, e.g., address, to the request message and redirects therequest message 424 to the currently registered location of end node X304, which is the session signaling module 204 in access node 200 towhich end node X 304 is connected.

Prior to the arrival of request message 424 at the session signalingserver module 204, end node X 304 changes its point attachment to thenetwork from a first access node 200 to a second access node 200′. Notethat FIG. 5 shows end node X 304 connected to the first access node 200via access link 308, while FIG. 6 shows end node X 304 connected to thesecond access node 200′ via access link 305. FIG. 6 illustrates ahandoff operation 432 that is coordinated by the mobility agent modules202, 202′ in access nodes 200 and 200′. As part of the handoff operation432, state information 210 associated with end node X 304 is transferredfrom the first access node 200 to the second 200′. Transferredinformation includes, for example, authentication information, sharedsecrets, and unique identifiers for previously admitted sessions as wellas any associated session state for end node X 304 in access node 200.During and for a predetermined period of time following the handoffoperation 432, the mobility agent module 202 in the first access node200 maintains state information 210 regarding the new point ofattachment of end node X 304, e.g., an identifier or address of thesecond access node 200′. Thus, upon arrival of request message 424 fromthe home session signaling server 334, the session signaling module 204in access node 200, accesses the state information 210 associated withthe mobility agent 202 to control redirection of the request message.Since the state information 210 in the first access node 200 indicatesthat end node X 304 has changed its point of attachment to the secondaccess node 200′, the session signaling server module 204 in the firstaccess node 200 optionally add its own identifier, e.g., address, to therequest message and immediately redirects the request message 434 to thesession signaling server module 204′ in the second access node 200′, asshown in FIG. 6. Note that in the exemplary embodiment, the sessionsignaling server module 204 in the first access node 200 does not addits own identifier, e.g., address, to the request message 434 that isdirected to the session signaling server module 204′ in the secondaccess node 200′.

Following reception of the request message 434 from the sessionsignaling server module 204 in the first access node 200, the sessionsignaling module 204′ in the second access node 200′ accesses stateinformation 210′ associated with the mobility agent 202′ to controlredirection of the request message. Since the state information 210′indicates that end node X 304 is directly connected via access link 305,the session signaling server module 204′ does not have to direct therequest message to the home mobility agent 332 of end node X 304.Instead, it adds its own identifier, e.g., address, to the requestmessage 434 and then delivers the request message 436 directly to endnode X 304 over access link 305.

Following reception of the request session signaling message 436, endnode X 304 sends a response session signaling message 438 back to endnode Y 304″, as shown in FIG. 6. The response message 438 from end nodeX 304 to end node Y 304″ takes the reverse path specified by the list ofidentifiers, e.g., addresses, of intermediate session signaling nodesincluded in the received request message. In particular, the responsemessage 438 is sent from end node X 304 to the session signaling module204′. Session signaling server module 204′ sends the response message440 to home session signaling server node 334, which sends the message442 to session signaling server module 204″ in access node 200″. Thesession signaling server module 204″ in access node 200″ then sends themessage 444 to end node Y 304″, which completes the session signalingtransaction. Recall that in the exemplary embodiment, the sessionsignaling server module 204 in the first access node 200 did not add itsown identifier, e.g., address, to the request message 434 that wasdirected to the session signaling server module 204′ in the secondaccess node 200′ and therefore is not included in the reverse path.

While session signaling between end node Y 304″ and end node X 304 isdescribed to go via the session signaling server modules 204″ and 204 inaccess nodes 200″ and 200 and only one additional session signalingserver node 334 in the network, in several embodiments of this inventionthe request/response messages may go through a number of other sessionsignaling nodes in the network according to network policy and messagerouting.

While in the description above the session signaling server modules 204,204″ reserve the resources required directly in an alternativeembodiment of this invention, end nodes 304, 304″ and/or sessionsignaling servers 204, 204″ may use resource reservation protocolmessages, such as RSVP messages, to reserve the resources for anadmitted session. In one embodiment of the invention and during theadmission phase for a given session the access node 200 generates aunique identifier and associates it with the admitted session. Thisidentifier is unique in this access node 200 and also in any otheraccess nodes 200′ 200″ to which the end node X 304 may move to duringthe lifetime of the session. In one particular embodiment the accessnode 200 ensures uniqueness of the identifier by combining a valueassociated with end node X 304 and another value associated with accessnode 200. Similarly a unique identifier is generated by access node 200″for the same session to which end node Y 304″ participates.

While session request signals from the end nodes, such as signal 404 inFIG. 4 are shown as being explicitly sent directly to the sessionsignaling server module, e.g.: 204″ in FIG. 4, in another alternativeembodiment of this invention the request session signaling message 404from end node Y 200″ is not directed to the session signaling module204″ in the immediate access node 200″, but is instead sent to anothersession signaling node in the network, e.g., the home session signalingserver 334 of end node X 304. In such a case the session signalingmodule 204″ in access node 200″ would intercept, e.g., snoop, themessage 404 and inspect the message 404 to extract the informationrequired so that the session can be admitted or rejected. In such animplementation, we refer to the session signaling server module 204″ asa snooping session signaling module. In an alternative embodiment ofthis invention the snooping session signaling module also adds itsidentifier, e.g., address, to the message before it send the message tothe next session signaling node. Responding messages will thusexplicitly go through the snooping session signaling module. The sameprocedure is repeated at the receiving end when the request sessionsignaling message is not directed to the session signaling module 204 inaccess node 200. The session signaling module 204 instead intercepts thesession signaling message 408, extracts the information needed forsession admission and optionally adds its own identifier, e.g., address,to the message so that response session signaling messages will gothrough it in an explicit manner.

Additional aspects, features, methods, apparatus and exemplaryembodiments which are part of the inventive methods and apparatus towhich the present patent application is directed are described in thefollowing U.S. Provisional patent applications each of which is herebyexpressly incorporated by reference into the present patent application.

-   -   1. U.S. Provisional Patent Application Ser. No. 60/298,283,        filed on Jun. 14, 2001, titled: “Location of SIP Proxy Server in        Wireless Access Router”.    -   2. U.S. Provisional Patent Application Ser. No. 60/369,016,        filed on Apr. 1, 2002, titled: “Methods and Apparatus for        Registration for SIP Services in Mobile Networks”.    -   3. U.S. Provisional Patent Application Ser. No. 60/370,524,        filed on Apr. 5, 2002, titled: “Methods and Apparatus for SIP        Message Forwarding and Redirection”.    -   4. U.S. Provisional Patent Application Ser. No. 60/313,035,        filed on Aug. 16, 2001, titled: “A Method for Controlling IP        Applications During Network Changes that Result in Resource        Shortages”.

As a result of the above incorporation by reference, the text andfigures of the listed provisional patent applications form part of thepresent description. It is to be understood that the reference numeralsused in the text and figures of the provisional patent applications areto be interpreted in the context of the particular incorporatedprovisional application and are not to be interpreted as the same as anysimilarly numbered element or elements described in the above text orthe figures which are included herein without the use of anincorporation by reference. It is to be further understood thatmandatory language in the incorporated provisional applications such as“must”, “only”, etc., if any, is to be interpreted as being limited tothe exemplary embodiments described in the provisional applications andis not to be interpreted as a limitation on the embodiments, figures,and claims of the present application which are not incorporated byreference.

Numerous variations on the above described inventions will be apparentto those of ordinary skill in the art based on the above description.Such variations are to be considered within the scope of the invention.

1. A communications method for use in a communications system includinga plurality of nodes, said plurality of nodes including first and secondend nodes, the method including the steps of: providing an access nodeincluding a session signaling server module through which the first endnode can establish a data communications session with the second endnode; and operating said access node to transmit data communicationssignals from said first end node to said second end node once a datacommunications session between said first and second end nodes isestablished.
 2. The method of claim 1, further comprising: operatingsaid session signaling server module to perform a session initiationoperation.
 3. The method of claim 2, wherein said step of operating saidsession signaling server module to perform a session initiationoperation includes: operating said session signaling server module totransmit session initiation signals using SIP signaling.
 4. The methodof claim 3, wherein said access node is a first wireless access router;wherein said session signaling server module is a SIP server; andwherein the step of operating said session signal server moduleincludes: transmitting a SIP message from said SIP server included insaid first wireless access router to another SIP server included in saidcommunications system.
 5. The method of claim 4, wherein said anotherSIP server is included in a second wireless access router used to couplesaid second end node to said first wireless access router.
 6. The methodof claim 4, further comprising: operating said first wireless accessrouter to interact with a first plurality of mobile nodes over awireless communications channel, said first end node being one of saidplurality of mobile nodes.
 7. The method of claim 6, further comprising:operating a second wireless router including a second SIP server tointeract with a second plurality of mobile nodes, said second end nodebeing one of said second plurality of nodes.
 8. The method of claim 2,further comprising: operating said session signaling server module toreserve network resources.
 9. The method of claim 1, further comprising:operating said session signaling server module to transmit SIP signalsto perform a session initiation operation used to initiate a datacommunications session between the first end node and the second endnode; and operating said session signaling server to transmit RSVPsignals to reserve network resources for said data communicationssession.
 10. The method of claim 1, further comprising operating saidsession signaling server module to transmit SIP signals to perform asession initiation operation used to initiate a data communicationssession between the first end node and the second end node; andoperating said session signaling server to reserve network resources forsaid data communications session as a function of information includedin received SIP signals.
 11. The method of claim 2, further comprising:operating said access node to perform at least one of a sessionauthorization and a session admission operation as part of said step ofperforming a session initiation operation.
 12. The method of claim 9,further comprising: operating said access node to generate a uniqueidentifier associated with a session admitted by said access node. 13.The method of claim 12, wherein said step of operating said access nodeto generate a unique identifier includes combining a value associatedwith an end node associated with said admitted session and a valueassociated with said access node.
 14. The method of claim 2, furthercomprising the step of: operating said access node to communicate with afirst set of end nodes using wireless links; and operating said accessnode to communicate with a second set of end nodes using a combinationof wireless and wired communications links.
 15. The communicationsmethod of claim 1, wherein said access node further includes a mobilityagent module, the method comprising: using said mobility agent module tofacilitate communication between said first and second end nodes whensaid first end node changes the access node through which it accessessaid communications system.
 16. The method of claim 15, furthercomprising: prior to establishing a data communications session,communicating a single common identifier used to identify both saidsession signaling server module and the mobility agent module includedin said access node to a plurality of end nodes included in saidcommunications system.
 17. The method of claim 16, wherein said singleidentifier is an Internet Protocol address.
 18. The method of claim 17,further comprising: operating said first end node to transmit datasession initiation signals, including said single common identifier, tothe session signaling server included in said first access node toestablish a data communications session.
 19. The method of claim 15,further comprising: operating an authentication module included in saidaccess node to perform authentication operations to authenticatemessages from end nodes that attempt to communicate with either of saidsession signaling server module and said mobility agent module.
 20. Themethod of claim 19, wherein said authentication module uses the sameauthentication method to authenticate messages from end nodes attemptingto communicate with the session signaling server module that saidauthentication module uses to authenticate messages from end nodes tosaid mobility agent module. 21-59. (canceled)